Bad Actors Getting Your Health Data Is the FBI’s Latest Worry
In February 2015, the health insurer Anthem revealed that criminal hackers had gained access to the company's servers, exposing the personal information of nearly 79 million patients. It's the largest known healthcare breach in history.
FBI agents worry that the vast amounts of healthcare data being generated for precision medicine efforts could leave the U.S. vulnerable to cyber and biological attacks.
That year, the data of millions more would be compromised in one cyberattack after another on American insurers and other healthcare organizations. In fact, for the past several years, the number of reported data breaches has increased each year, from 199 in 2010 to 344 in 2017, according to a September 2018 analysis in the Journal of the American Medical Association.
The FBI's Edward You sees this as a worrying trend. He says hackers aren't just interested in your social security or credit card number. They're increasingly interested in stealing your medical information. Hackers can currently use this information to make fake identities, file fraudulent insurance claims, and order and sell expensive drugs and medical equipment. But beyond that, a new kind of cybersecurity threat is around the corner.
Mr. You and others worry that the vast amounts of healthcare data being generated for precision medicine efforts could leave the U.S. vulnerable to cyber and biological attacks. In the wrong hands, this data could be used to exploit or extort an individual, discriminate against certain groups of people, make targeted bioweapons, or give another country an economic advantage.
Precision medicine, of course, is the idea that medical treatments can be tailored to individuals based on their genetics, environment, lifestyle or other traits. But to do that requires collecting and analyzing huge quantities of health data from diverse populations. One research effort, called All of Us, launched by the U.S. National Institutes of Health last year, aims to collect genomic and other healthcare data from one million participants with the goal of advancing personalized medical care.
Other initiatives are underway by academic institutions and healthcare organizations. Electronic medical records, genetic tests, wearable health trackers, mobile apps, and social media are all sources of valuable healthcare data that a bad actor could potentially use to learn more about an individual or group of people.
"When you aggregate all of that data together, that becomes a very powerful profile of who you are," Mr. You says.
A supervisory special agent in the biological countermeasures unit within the FBI's weapons of mass destruction directorate, it's Mr. You's job to imagine worst-case bioterror scenarios and figure out how to prevent and prepare for them.
That used to mean focusing on threats like anthrax, Ebola, and smallpox—pathogens that could be used to intentionally infect people—"basically the dangerous bugs," as he puts it. In recent years, advances in gene editing and synthetic biology have given rise to fears that rogue, or even well-intentioned, scientists could create a virulent virus that's intentionally, or unintentionally, released outside the lab.
"If a foreign source, especially a criminal one, has your biological information, then they might have some particular insights into what your future medical needs might be and exploit that."
While Mr. You is still tracking those threats, he's been traveling around the country talking to scientists, lawyers, software engineers, cyber security professionals, government officials and CEOs about new security threats—those posed by genetic and other biological data.
Emerging threats
Mr. You says one possible situation he can imagine is the potential for nefarious actors to use an individual's sensitive medical information to extort or blackmail that person.
"If a foreign source, especially a criminal one, has your biological information, then they might have some particular insights into what your future medical needs might be and exploit that," he says. For instance, "what happens if you have a singular medical condition and an outside entity says they have a treatment for your condition?" You could get talked into paying a huge sum of money for a treatment that ends up being bogus.
Or what if hackers got a hold of a politician or high-profile CEO's health records? Say that person had a disease-causing genetic mutation that could affect their ability to carry out their job in the future and hackers threatened to expose that information. These scenarios may seem far-fetched, but Mr. You thinks they're becoming increasingly plausible.
On a wider scale, Kavita Berger, a scientist at Gryphon Scientific, a Washington, D.C.-area life sciences consulting firm, worries that data from different populations could be used to discriminate against certain groups of people, like minorities and immigrants.
For instance, the advocacy group Human Rights Watch in 2017 flagged a concerning trend in China's Xinjiang territory, a region with a history of government repression. Police there had purchased 12 DNA sequencers and were collecting and cataloging DNA samples from people to build a national database.
"The concern is that this particular province has a huge population of the Muslim minority in China," Ms. Berger says. "Now they have a really huge database of genetic sequences. You have to ask, why does a police station need 12 next-generation sequencers?"
Also alarming is the potential that large amounts of data from different groups of people could lead to customized bioweapons if that data ends up in the wrong hands.
Eleonore Pauwels, a research fellow on emerging cybertechnologies at United Nations University's Centre for Policy Research, says new insights gained from genomic and other data will give scientists a better understanding of how diseases occur and why certain people are more susceptible to certain diseases.
"As you get more and more knowledge about the genomic picture and how the microbiome and the immune system of different populations function, you could get a much deeper understanding about how you could target different populations for treatment but also how you could eventually target them with different forms of bioagents," Ms. Pauwels says.
Economic competitiveness
Another reason hackers might want to gain access to large genomic and other healthcare datasets is to give their country a leg up economically. Many large cyber-attacks on U.S. healthcare organizations have been tied to Chinese hacking groups.
"This is a biological space race and we just haven't woken up to the fact that we're in this race."
"It's becoming clear that China is increasingly interested in getting access to massive data sets that come from different countries," Ms. Pauwels says.
A year after U.S. President Barack Obama conceived of the Precision Medicine Initiative in 2015—later renamed All of Us—China followed suit, announcing the launch of a 15-year, $9 billion precision health effort aimed at turning China into a global leader in genomics.
Chinese genomics companies, too, are expanding their reach outside of Asia. One company, WuXi NextCODE, which has offices in Shanghai, Reykjavik, and Cambridge, Massachusetts, has built an extensive library of genomes from the U.S., China and Iceland, and is now setting its sights on Ireland.
Another Chinese company, BGI, has partnered with Children's Hospital of Philadelphia and Sinai Health System in Toronto, and also formed a collaboration with the Smithsonian Institute to sequence all species on the planet. BGI has built its own advanced genomic sequencing machines to compete with U.S.-based Illumina.
Mr. You says having access to all this data could lead to major breakthroughs in healthcare, such as new blockbuster drugs. "Whoever has the largest, most diverse dataset is truly going to win the day and come up with something very profitable," he says.
Some direct-to-consumer genetic testing companies with offices in the U.S., like Dante Labs, also use BGI to process customers' DNA.
Experts worry that China could race ahead the U.S. in precision medicine because of Chinese laws governing data sharing. Currently, China prohibits the exportation of genetic data without explicit permission from the government. Mr. You says this creates an asymmetry in data sharing between the U.S. and China.
"This is a biological space race and we just haven't woken up to the fact that we're in this race," he said in January at an American Society for Microbiology conference in Washington, D.C. "We don't have access to their data. There is absolutely no reciprocity."
Protecting your data
While Mr. You has been stressing the importance of data security to anyone who will listen, the National Academies of Sciences, Engineering, and Medicine, which makes scientific and policy recommendations on issues of national importance, has commissioned a study on "safeguarding the bioeconomy."
In the meantime, Ms. Berger says organizations that deal with people's health data should assess their security risks and identify potential vulnerabilities in their systems.
As for what individuals can do to protect themselves, she urges people to think about the different ways they're sharing healthcare data—such as via mobile health apps and wearables.
"Ask yourself, what's the benefit of sharing this? What are the potential consequences of sharing this?" she says.
Mr. You also cautions people to think twice before taking consumer DNA tests. They may seem harmless, he says, but at the end of the day, most people don't know where their genetic information is going. "If your genetic sequence is taken, once it's gone, it's gone. There's nothing you can do about it."
Food Poisoning Sickens Millions a Year. Now, a Surprising Weapon Is Helping Protect Against Contamination.
Every year, one in seven people in America comes down with a foodborne illness, typically caused by a bacterial pathogen, including E.Coli, listeria, salmonella, or campylobacter. That adds up to 48 million people, of which 120,000 are hospitalized and 3000 die, according to the Centers for Disease Control. And the variety of foods that can be contaminated with bacterial pathogens is growing too. In the 20th century, E.Coli and listeria lurked primarily within meat. Now they find their way into lettuce, spinach, and other leafy greens, causing periodic consumer scares and product recalls. Onions are the most recent suspected culprit of a nationwide salmonella outbreak.
Some of these incidents are almost inevitable because of how Mother Nature works, explains Divya Jaroni, associate professor of animal and food sciences at Oklahoma State University. These common foodborne pathogens come from the cattle's intestines when the animals shed them in their manure—and then they get washed into rivers and lakes, especially in heavy rains. When this water is later used to irrigate produce farms, the bugs end up on salad greens. Plus, many small farms do both—herd cattle and grow produce.
"Unfortunately for us, these pathogens are part of the microflora of the cows' intestinal tract," Jaroni says. "Some farmers may have an acre or two of cattle pastures, and an acre of a produce farm nearby, so it's easy for this water to contaminate the crops."
Food producers and packagers fight bacteria by potent chemicals, with chlorine being the go-to disinfectant. Cattle carcasses, for example, are typically washed by chlorine solutions as the animals' intestines are removed. Leafy greens are bathed in water with added chlorine solutions. However, because the same "bath" can be used for multiple veggie batches and chlorine evaporates over time, the later rounds may not kill all of the bacteria, sparing some. The natural and organic producers avoid chlorine, substituting it with lactic acid, a more holistic sanitizer, but even with all these efforts, some pathogens survive, sickening consumers and causing food recalls. As we farm more animals and grow more produce, while also striving to use fewer chemicals and more organic growing methods, it will be harder to control bacteria's spread.
"It took us a long time to convince the FDA phages were safe and efficient alternatives. But we had worked with them to gather all the data they needed, and the FDA was very supportive in the end."
Luckily, bacteria have their own killers. Called bacteriophages, or phages for short, they are viruses that prey on bacteria only. Under the electron microscope, they look like fantasy spaceships, with oblong bodies, spider-like legs and long tails. Much smaller than a bacterium, phages pierce the microbes' cells with their tails, sneak in and begin multiplying inside, eventually bursting the microbes open—and then proceed to infect more of them. The best part is that these phages are harmless to humans. Moreover, recent research finds that millions of phages dwell on us and in us—in our nose, throat, skin and gut, protecting us from bacterial infections as part of our healthy microbiome. A recent study suggested that we absorb about 30 billion phages into our bodies on a daily basis. Now, ingeniously, they are starting to be deployed as anti-microbial agents in the food industry.
A Maryland-based phage research company called Intralytix is doing just that. Founded by Alexander Sulakvelidze, a microbiologist and epidemiologist who came to the United States from Tbilisi, the capital of Georgia, Intralytix makes and sells five different FDA-approved phage cocktails that work against some of the most notorious food pathogens: ListShield for Listeria, SalmoFresh for Salmonella, ShigaShield for Shigella, another foodborne bug, and EcoShield for E.coli, including the infamous strain that caused the Jack in the Box outbreak in 1993 that killed four children and sickened 732 people across four states. Earlier this month, the FDA granted its approval to yet another Intralytix phage for managing Campylobacter contamination, named CampyShield. "We call it safety by nature," Sulakvelidze says.
Intralytix grows phages inside massive 1500-liter fermenters, feeding them bacterial "fodder."
Photo credit: Living Radiant Photography
Phage preparations are relatively straightforward to make. In nature, phages thrive in any body of water where bacteria live too, including rivers, lakes and bays. "I can dip a bucket into the Chesapeake Bay, and it will be full of all kinds of phages," Sulakvelidze says. "Sewage is another great place to look for specific phages of interest, because it's teeming with all sorts of bacteria—and therefore the viruses that prey on them." In lab settings, Intralytix grows phages inside massive 1500-liter fermenters, feeding them bacterial "fodder." Once phages multiply enough, they are harvested, dispensed into containers and shipped to food producers who have adopted this disinfecting practice into their preparation process. Typically, it's done by computer-controlled sprayer systems that disperse mist-like phage preparations onto the food.
Unlike chemicals like chlorine or antibiotics, which kill a wide spectrum of bacteria, phages are more specialized, each feeding on specific microbial species. A phage that targets salmonella will not prey on listeria and vice versa. So food producers may sometimes use a combo of different phage preparations. Intralytix is continuously researching and testing new phages. With a contract from the National Institutes of Health, Intralytix is expanding its automated high-throughput robot that tests which phages work best against which bacteria, speeding up the development of the new phage cocktails.
Phages have other "talents." In her recent study, Jaroni found that phages have the ability to destroy bacterial biofilms—colonies of microorganisms that tend to grow on surfaces of the food processing equipment, surrounding themselves with protective coating that even very harsh chemicals can't crack. "Phages are very clever," Jaroni says. "They produce enzymes that target the biofilms, and once they break through, they can reach the bacteria."
Convincing the FDA that phages were safe to use on food products was no easy feat, Sulakvelidze says. In his home country of Georgia, phages have been used as antimicrobial remedies for over a century, but the FDA was leery of using viruses as food safety agents. "It took us a long time to convince the FDA phages were safe and efficient alternatives," Sulakvelidze says. "But we had worked with them to gather all the data they needed, and the FDA was very supportive in the end." The agency had granted Intralytix its first approval in 2006, and over the past 10 years, the company's sales increased by over 15-fold. "We currently sell to about 40 companies and are in discussions with several other large food producers," Sulakvelidze says. One indicator that the industry now understands and appreciates the science of phages was that his company was ranked as Top Food Safety Provider in 2021 by Food and Beverage Technology Review, he adds. Notably, phage sprays are kosher, halal and organic-certified.
Intralytix's phage cocktails to safeguard food from bacteria are approved for consumers in addition to food producers, but currently the company sells to food producers only. Selling retail requires different packaging like easy-to-use spray bottles and different marketing that would inform people about phages' antimicrobial qualities. But ultimately, giving people the ability to remove pathogens from their food with probiotic phage sprays is the goal, Sulakvelidze says.
It's not the company's only goal. Now Intralytix is going a step further, investigating phages' probiotic and therapeutic abilities. Because phages are highly specialized in the bacteria they target, they can be used to treat infections caused by specific pathogens while leaving the beneficial species of our microbiome intact. In an ongoing clinical trial with Mount Sinai, Intralytix is now investigating a potential phage treatment against a certain type of E. coli for patients with Crohn's disease, and is about to start another clinical trial for treating bacterial dysentery.
"Now that we have proved that phages are safe and effective against foodborne bacteria," Sulakvelidze says, "we are going to demonstrate their potential in therapeutic applications."
Lina Zeldovich has written about science, medicine and technology for Popular Science, Smithsonian, National Geographic, Scientific American, Reader’s Digest, the New York Times and other major national and international publications. A Columbia J-School alumna, she has won several awards for her stories, including the ASJA Crisis Coverage Award for Covid reporting, and has been a contributing editor at Nautilus Magazine. In 2021, Zeldovich released her first book, The Other Dark Matter, published by the University of Chicago Press, about the science and business of turning waste into wealth and health. You can find her on http://linazeldovich.com/ and @linazeldovich.
Your Future Smartphone May Detect Problems in Your Water
In 2014, the city of Flint, Michigan switched the residents' water supply to the Flint river, citing cheaper costs. However, due to improper filtering, lead contaminated this water, and according to the Associated Press, many of the city's residents soon reported health issues like hair loss and rashes. In 2015, a report found that children there had high levels of lead in their blood. The National Resource Defense Council recently discovered there could still be as many as twelve million lead pipes carrying water to homes across the U.S.
What if Flint residents and others in afflicted areas could simply flick water onto their phone screens and an app would tell them if they were about to drink contaminated water? This is what researchers at the University of Cambridge are working on to prevent catastrophes like what occurred in Flint, and to prepare for an uncertain future of scarcer resources.
Underneath the tough glass of our phone screen lies a transparent layer of electrodes. Because our bodies hold an electric charge, when our finger touches the screen, it disrupts the electric field created among the electrodes. This is how the screen can sense where a touch occurs. Cambridge scientists used this same idea to explore whether the screen could detect charges in water, too. Metals like arsenic and lead can appear in water in the form of ions, which are charged particles. When the ionic solution is placed on the screen's surface, the electrodes sense that charge like how they sense our finger.
Imagine a new generation of smartphones with a designated area of the screen responsible for detecting contamination—this is one of the possible futures the researchers propose.
The experiment measured charges in various electrolyte solutions on a touchscreen. The researchers found that a thin polymer layer between the electrodes and the sample solution helped pick up the charges.
"How can we get really close to the touch electrodes, and be better than a phone screen?" Horstmann, the lead scientist on the study, asked himself while designing the protective coating. "We found that when we put electrolytes directly on the electrodes, they were too close, even short-circuiting," he said. When they placed the polymer layer on top the electrodes, however, this short-circuiting did not occur. Horstmann speaks of the polymer layer as one of the key findings of the paper, as it allowed for optimum conductivity. The coating they designed was much thinner than what you'd see with a typical smartphone touchscreen, but because it's already so similar, he feels optimistic about the technology's practical applications in the real world.
While the Cambridge scientists were using touchscreens to measure water contamination, Dr. Baojun Wang, a synthetic biologist at the University of Edinburgh, along with his team, created a way to measure arsenic contamination in Bangladesh groundwater samples using what is called a cell-based biosensor. These biosensors use cornerstones of cellular activity like transcription and promoter sequences to detect the presence of metal ions in water. A promoter can be thought of as a "flag" that tells certain molecules where to begin copying genetic code. By hijacking this aspect of the cell's machinery and increasing the cell's sensing and signal processing ability, they were able to amplify the signal to detect tiny amounts of arsenic in the groundwater samples. All this was conducted in a 384-well plate, each well smaller than a pencil eraser.
They placed arsenic sensors with different sensitivities across part of the plate so it resembled a volume bar of increasing levels of arsenic, similar to diagnostics on a Fitbit or glucose monitor. The whole device is about the size of an iPhone, and can be scaled down to a much smaller size.
Dr. Wang says cell-based biosensors are bringing sensing technology closer to field applications, because their machinery uses inherent cellular activity. This makes them ideal for low-resource communities, and he expects his device to be affordable, portable, and easily stored for widespread use in households.
"It hasn't worked on actual phones yet, but I don't see any reason why it can't be an app," says Horstmann of their technology. Imagine a new generation of smartphones with a designated area of the screen responsible for detecting contamination—this is one of the possible futures the researchers propose. But industry collaborations will be crucial to making their advancements practical. The scientists anticipate that without collaborative efforts from the business sector, the public might have to wait ten years until this becomes something all our smartphones are capable of—but with the right partners, "it could go really quickly," says Dr. Elizabeth Hall, one of the authors on the touchscreen water contamination study.
"That's where the science ends and the business begins," Dr. Hall says. "There is a lot of interest coming through as a result of this paper. I think the people who make the investments and decisions are seeing that there might be something useful here."
As for Flint, according to The Detroit News, the city has entered the final stages in removing lead pipe infrastructure. It's difficult to imagine how many residents might fare better today if they'd had the technology that scientists are now creating.
Of all its tragedy, COVID-19 has increased demand for at-home testing methods, which has carried over to non-COVID-19-related devices. Various testing efforts are now in the public eye.
"I like that the public is watching these directions," says Horstmann. "I think there's a long way to go still, but it's exciting."